MAVProxyUser found a way to sideload and install apk´s on the CrystalSky. This works through the DirtyCow exploit. It temporary patches the installd, which was modded by DJI to prevent installation of apks through adb (Android Debug Bridge).
You need to have adb installed and CrystalSky connected via USB to your PC for this script!
Kingoroot works, nobody cared to actually look which exploit they use, might be dirtyc0w. If you use kingoroot you should do so in a WindowsVM since they install a ton of crapware to your windows installation.
In the past Kingoroot has been found to be stealing IMEIs, and potentially other information from devices, as well as other strange behaviour that may or may not be intentionally malicious. See these threads for more information:
The user is advised to find another method to obtain a root prompt if at all possible. As a last resort, kingoroot could be used, providing:
DJI blocked apk installation, they do this through a modified installd. Bin4ry patched the installd to allow installations again, download it here: https://dji-rev.slack.com/files/bin4ry/F6L7R9ZFT/installd With root remount the system partion rw and then overwrite the original installd in /system/bin/installd. Make sure you keep the correct file permissions.
This will allow sideloading of APKs.
Triple check file name and file permissions before rebooting as your CS can get bricked if mishandling the installd. And as long as we dont have a good way of creating & restoring a (nandroid) backup that is risky…
To unlock more settings use this build.prop: https://dji-rev.slack.com/files/bin4ry/F6MFB6K8D/build.prop Remount system partition rw and overwrite the build.prop in /system/build.prop. Make sure you keep the correct file permisions. chmod 644 build.prop
Triple check file contents, file name and file permissions before rebooting as your CS can get bricked if mishandling the build.prop. And as long as we dont have a good way of creating & restoring a (nandroid) backup that is risky…
To make Google Play Store work, first you need root. It will NOT work with Kingoroot. To switch from Kingoroot to SuperSU, use this App : https://s3-us-west-2.amazonaws.com/supersu/download/zip/SuperSU-v2.79-20161205182033.apk
After that, you need a flashing tool and the needed zip which contains the Play Store, Framework etc. The flashing tool can be downloaded here: https://flashfire.chainfire.eu/ The needed zip can be downloaded here: http://opengapps.org/ Choose Platform: “ARM” Android: “5.1” Variant: “pico”
- Install (sideload) flashfire
- Give flashfire su, if asked
- Copy the zip (i.e. open_gapps-arm-5.1-pico-20170811.zip) to an sd card, plug it in the CS sd1 slot
- In flashfire, tap the “+” sign on the right hand corner.
- Choose “Flash ZIP or OTA”
- Tap on top of the filebrowser to change to “Filesystem root”
- Navigate to “mnt/external_sd1”
- Choose your zip file
- Leave “Auto-mount” and “Mount/system read/write” unchecked
- Hit the checkmark and there you go
After several reboots, you will be greeted with the setup assistant. Step through it, make your settings and thats it.
Triple Check the choosen Platform, Android Version and Variant to avoid flashing wrong software, which could brick your device. Execute the steps carefully and you should be good.
This has been tested on an CrystalSky 7.85, System Version 02.02.08.01 and 02.02.09.00